If there is an existing security policy in place and you want to update that security policy using the merged state, the job fails if there is an existing group_profile and the group_profile is specified in your playbook/role.
fatal: [localhost]: FAILED! => changed=false
msg: 'Failed update group: At most 1 occurrence is allowed for group/member'
For example, I have a playbook that defines a group profile, and if it creates a new rule with state present it works fine. Now, for example, I want to add more source IPs to the rule. If I run the same job again with new source IPs then the job fails. If I comment out the group_profile parameter and rerun the job it works fine, but I don't want to have to edit that parameter every time an update is made.
Expected behavior
The job should complete successfully with group_profile specified, especially when the group profile name is the exact same as what is currently in the rule.
Current behavior
I have a playbook that defines group profile and if it creates a new rule with state present it works fine. Now, for example, I want to add more source IPs to the rule. If I run the same job again with new source IPs then the job fails with the above error.
If I comment out the group_profile parameter and rerun the job it works fine, but I don't want to have to edit that parameter every time an update is made.
Possible solution
Steps to reproduce
Create a playbook to create a security policy that has a group_profile assigned
Run the job to create the rule
Rule is now created
Re-run the same job with, for example, new source IPs and change the state from present to merged
Job will fail with msg: 'Failed update group: At most 1 occurrence is allowed for group/member'
Context
Your Environment
paloaltonetworks.panos.panos_security_rule
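A minimal playbook for the steps to reproduce in this report, followed by the reporter's comment-out workaround expressed with Ansible's `omit` so the playbook does not need editing between runs. This is an added example, not part of the original report; the rule name, profile group name, zones, addresses and the `fw_*` variables are constructed placeholders.

```yaml
# Added example, not from the original report. All names and addresses are constructed.
- name: Reproduce the group_profile failure with state merged
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    provider:                      # placeholder connection details, supply your own
      ip_address: "{{ fw_ip }}"
      username: "{{ fw_user }}"
      password: "{{ fw_password }}"
    rule_name: allow-web-example   # constructed rule name
    profile_group: example-profile-group
    rule_state: merged             # switch between present and merged here
  tasks:
    - name: Step 1 - create the rule with a group profile (reported as working)
      paloaltonetworks.panos.panos_security_rule:
        provider: "{{ provider }}"
        rule_name: "{{ rule_name }}"
        source_zone: ["trust"]
        destination_zone: ["untrust"]
        source_ip: ["192.0.2.10"]
        destination_ip: ["any"]
        application: ["web-browsing"]
        action: allow
        group_profile: "{{ profile_group }}"
        state: present

    - name: Step 2 - add a source IP with merged and the same group_profile (reported as failing)
      paloaltonetworks.panos.panos_security_rule:
        provider: "{{ provider }}"
        rule_name: "{{ rule_name }}"
        source_ip: ["192.0.2.11"]
        group_profile: "{{ profile_group }}"
        state: merged
      register: merged_result
      ignore_errors: true          # keep going so the workaround task below still runs

    - name: Workaround - drop group_profile only when merging
      paloaltonetworks.panos.panos_security_rule:
        provider: "{{ provider }}"
        rule_name: "{{ rule_name }}"
        source_ip: ["192.0.2.11"]
        # omit removes the argument entirely, same effect as commenting it out
        group_profile: "{{ omit if rule_state == 'merged' else profile_group }}"
        state: "{{ rule_state }}"
```

The workaround task relies only on the reporter's observation that the merged run succeeds when `group_profile` is not passed; it does not change the profile group already set on the rule.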